Privacy Policy

Last updated: 7 August 2025

Introduction

Camus LLC, doing business as Habit of Care (“Habit of Care,” “we,” “us” or “our”), operates an AI‑powered platform that helps mental health professionals manage client homework, journaling, analytics and administrative tasks. We are committed to protecting your privacy and handling your personal information responsibly. This Privacy Policy explains how we collect, use, share and protect information when you access our websites, mobile applications, software and related services (collectively, the “Services”). It also describes your privacy rights and choices.

This policy applies to providers, administrators and business professionals (“Customers” or “you”) who use the Services. Information that we process on behalf of our Customers’ clients (“Clients”) through the Client Portal is governed by a separate Client Privacy Policy because we act as a service provider for those Clients and our Customers control how their data is used. If you are a Client, please review the Client Privacy Policy.

Categories of Personal Information We Collect

We collect personal information (also called “personal data”) that can identify or reasonably relate to a particular individual or household. The types of information we collect depend on how you interact with us. We collect the following categories of information:

• Identifiers and contact details, such as your name, business name, mailing address, billing address, email address, phone number, unique account identifiers, usernames and passwords.
• Professional and licensure information, such as your professional credentials, licensure status, field of practice, qualifications, continuing education activities, calendar and scheduling information, and other information related to your business.
• Payment and financial data, such as your bank account and routing numbers, credit or debit card details, tax identification number, and billing history.
• Device and usage data, including IP addresses, unique device identifiers, browser type and settings, operating system, referral URLs, pages viewed, links clicked, feature usage, session timestamps, crash data, and other information about how you interact with our Services. We collect this automatically through cookies, web beacons, embedded scripts, local storage and similar technologies.
• Communications and audio/visual recordings when you contact us or participate in a demo, support call or video meeting, which may include call recordings, voice messages, transcripts and the content of your communications.
• Commercial and transactional information, such as the products and services you have purchased or considered, your subscription status, payment history and details of promotions or rewards in which you participate.
• Preference and profile data, including information about your interests, goals, engagement with educational content, responses to surveys and feedback, and inferences we derive from other personal information to better understand your preferences and tailor our Services.
• User‑generated content, such as messages, journaling data, habit tracking entries, comments, ratings, feedback, documents or files you upload to the Services. You may also choose to share progress notes and assessments with Clients; you should not upload content that you do not have permission to share.
• Sensitive personal information, which may include login credentials, financial information, health information (e.g., information about your practice or client conditions), race or ethnic origin, sexual orientation, religious or philosophical beliefs, and other categories defined as sensitive under applicable laws. We collect this information only when necessary to provide the Services, meet legal obligations, or with your explicit consent.
• Information from third parties, such as business partners, payment processors, analytics providers, marketing partners, public sources or social media platforms, which may include demographic data, professional information, purchase history, device data, advertisement interactions and social media identifiers. We combine this data with other information to support account set‑up, fraud prevention, marketing and analytics.

How We Collect Information

We collect personal information from a variety of sources:

• Directly from you. You provide information when you create an account, subscribe to a plan, request support, participate in surveys or research, schedule a call, join webinars, enroll in continuing education programs, or communicate with us by email, phone, video or chat.
• Automatically through your use of the Services. We and our partners collect device and usage data via cookies and similar technologies (as described in the Cookies & Tracking section). This includes when you navigate our sites and applications, interact with our content or open our emails.
• From third‑party partners. We may receive information from payment processors, identity verification providers, marketing partners, analytics vendors, event organizers and social networks if you interact with our profiles or use single sign‑on.
• By inference or creation. We derive insights, analytics and predictions about you by analysing other data we collect. For example, our AI tools may infer engagement patterns or suggest recommended content. We treat these inferences as personal data when they are associated with an identifiable individual.

Purposes for Using Personal Information

We use personal information for the following purposes and legal bases:

• To provide and operate the Services. We use data to create and manage accounts, authenticate users, process payments, personalise dashboards, schedule tasks, manage homework assignments, deliver AI‑generated recommendations, facilitate communications between you and your Clients, provide continuing education courses, and deliver other requested features.
• To maintain the security, integrity and quality of the Services. We monitor and analyse usage, troubleshoot performance, fix errors, detect and prevent fraud, enforce our terms and policies, conduct audits and maintain business records. We ensure compliance with applicable U.S. legal and regulatory requirements, such as HIPAA and similar laws.
• To communicate with you. We respond to enquiries, send transactional emails (e.g., order confirmations, invoices, service updates), provide customer support, deliver account notifications, and send marketing or promotional messages about new features, offers and events. You may opt out of marketing communications at any time.
• To conduct research and develop improvements. Consistent with privacy‑by‑design and research ethics, we use de‑identified and aggregated data to analyse trends, evaluate the effectiveness of our AI models, develop new features, perform quality assurance, and conduct research in collaboration with academic or industry partners.
• For legal and compliance purposes. We process personal information to satisfy our legal obligations (e.g., tax and accounting, regulatory reporting, responding to lawful requests from authorities), resolve disputes, enforce contracts, and protect the rights, safety or property of Habit of Care, our users or the public.
• On the basis of legitimate interests or with your consent. Where permitted by law, we use certain information to pursue our legitimate interests, such as improving user experience, promoting our Services or engaging in limited direct marketing. In some jurisdictions, we rely on your consent to process sensitive data or to send marketing communications. You can withdraw consent at any time.

How We Share Personal Information

We do not sell your personal information. We share information only as described below:

• Service providers and processors. We engage trusted vendors to host our infrastructure, process payments, provide customer support, send emails and push notifications, perform analytics, verify professional credentials, conduct background checks, maintain our rewards program, and provide other business functions. These providers act on our behalf, are contractually bound to use your data only for our purposes and must maintain appropriate security measures.
• Affiliates. We share information with our parent and affiliate entities for internal administrative purposes, compliance, corporate governance, research, product development and consistent service delivery.
• Legal and regulatory disclosures. We may disclose information when required to do so by law, court order or other legal process; to cooperate with regulators; to detect, prevent or address fraud, security or technical issues; or to protect our rights, property or safety or that of our users or the public.
• Business transfers. If we engage in a merger, acquisition, restructuring or sale of assets, information may be transferred or disclosed as part of the transaction. We will provide notice if a transfer materially impacts how your information is used.
• Professional advisors. We may disclose information to our legal counsel, auditors, insurers and other professional advisors under confidentiality obligations.
• Consensual disclosures. With your explicit consent, we may display your testimonials or professional profile, share your information with referral partners, integrate with other apps or services at your direction, or participate in research studies.
• Aggregated or de‑identified data. We may share aggregated or de‑identified data that cannot reasonably be used to identify you with third parties for analytics, benchmarking, research or marketing purposes. We take steps to ensure that the data cannot be re‑identified.

Cookies & Tracking

We use cookies, pixel tags, local storage and similar technologies (“cookies”) to recognize your browser or device, remember your preferences, keep you signed in, enable single sign‑on, provide certain features, measure the effectiveness of our marketing, and understand how you and other visitors use our Services. We use both first‑party cookies (set by us) and third‑party cookies (set by our partners, such as analytics and marketing providers). Some cookies are strictly necessary for the Services to function; others are optional and can be managed via our cookie banner or your browser settings. We honour Global Privacy Control signals where legally required; at this time we do not respond to other “Do Not Track” signals.

Retention & Security

We retain personal information for as long as necessary to fulfil the purposes outlined in this policy, maintain business records, comply with legal obligations, resolve disputes and enforce our agreements. The retention period may vary depending on the type of data and our legal obligations. When data is no longer needed, we will either delete it or de‑identify it in accordance with our internal retention policies.

We maintain a comprehensive security program designed to protect personal information from unauthorized access, use or disclosure. Our program includes administrative, technical and physical safeguards such as encryption in transit and at rest, multi‑factor authentication, role‑based access controls, regular security assessments, vulnerability management, data minimisation practices and staff training. We follow recognised frameworks such as NIST and apply Privacy by Design principles. Despite these efforts, no system can guarantee absolute security. If we experience a data breach that compromises your information, we will notify you and relevant authorities as required by law.

Your Privacy Rights

We are committed to honouring privacy rights for all of our users, regardless of where they live. Depending on your jurisdiction, you may have the following rights:

• Access. You can request a copy of the personal information we hold about you and how we use it.
• Rectification. You can request that we correct inaccurate or incomplete information.
• Deletion. You can request that we delete your personal information, subject to certain exceptions (such as where we must retain data to comply with law or complete transactions).
• Portability. You can request a copy of your information in a structured, machine‑readable format, and ask us to transmit it to another controller where technically feasible.
• Restriction / objection. You can request that we restrict or stop certain processing of your data, such as direct marketing or profiling.
• Opt‑out of sales or targeted advertising. We do not sell personal information, but some laws treat certain disclosures or use of tracking technologies as “sales.” You can opt out of such sharing where it applies.
• Limit use of sensitive data. You can instruct us to limit the use and disclosure of sensitive personal information for purposes other than providing the Services. We do not use sensitive personal information for targeted advertising or marketing.
• No retaliation. We will not discriminate against you for exercising your privacy rights. However, some functionality may be unavailable if you request deletion of necessary data.

To exercise these rights, contact us using the details in the Contact Us section below. We may require proof of identity before responding to your request. Authorized agents may submit requests on your behalf with appropriate documentation. You may also appeal a decision by contacting us again and noting your request for review. If you have concerns about our handling of your request, you can contact your local data protection authority.

International Data Transfers

Habit of Care is headquartered in the United States. If you access the Services from outside the U.S., your data may be processed and stored in the United States or other locations where we or our service providers operate. By using the Services and providing us with your information, you acknowledge and consent to this transfer, processing and storage. We are a U.S.-based service and focus on compliance with U.S. data privacy laws.

Children’s Privacy

Our Services are intended for use by licensed mental health professionals. We do not knowingly collect personal information directly from children under 13. If we become aware that a child has provided us with personal information without parental consent, we will use that information only to respond to the child (or the parent or legal guardian) to inform them that they cannot use the Services and will delete the information. If you believe a child has provided us with personal information, please contact us immediately.

External Links & Social Features

Our websites and apps may include links to third‑party websites, plug‑ins, social networks and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third‑party services and are not responsible for their privacy statements or practices. We encourage you to read the privacy policies of every site you visit.

Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices, technology, legal requirements or other factors. If we make material changes, we will provide notice via email or through the Services and update the “Last updated” date at the top of this policy. Your continued use of the Services after a change becomes effective indicates your acceptance of the updated policy. We encourage you to review this policy periodically.

Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our privacy practices, please contact us:

Habit of Care Privacy Team
1141 N. Martin Luther King Jr. Drive
Milwaukee, WI 53203
USA
Email: privacy@habitofcare.com